Passive network monitoring system

US 20030214913A1
Filed: 05/17/2002
Published: 11/20/2003
Est. Priority Date: 05/17/2002
Status: Active Grant

First Claim

Patent Images

1. A network monitoring system, comprising:

a database;

at least one monitoring circuit coupled to a network along which network traffic flows in a form of packets, at least one monitoring circuit programmed to perform the steps of;

receiving a packet communicated along the network;

determining whether data in the packet satisfies a rule set; and

responsive to determining that data in the packet satisfies a rule set, copying information relating to the packet to be stored into the database; and

circuitry for querying the information communicated by the at least one monitoring circuit to the database to identify an irregularity in the network traffic.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network monitoring system (10). The system comprises a database (32) and at least one monitoring circuit (36) coupled to a network (20). Network traffic flows along the network in a form of packets. The at least one monitoring circuit is programmed to perform the steps of receiving a packet communicated along the network and determining whether data in the packet satisfies a rule set. Further, the at least one monitoring circuit is responsive to determining that data in the packet satisfies a rule set by copying information relating to the packet to be stored into the database. The system also comprises circuitry for querying the information communicated by the at least one monitoring circuit to the database to identify an irregularity in the network traffic.

186 Citations

31 Claims

1. A network monitoring system, comprising:
- a database;
  
  at least one monitoring circuit coupled to a network along which network traffic flows in a form of packets, at least one monitoring circuit programmed to perform the steps of;
  
  receiving a packet communicated along the network;
  
  determining whether data in the packet satisfies a rule set; and
  
  responsive to determining that data in the packet satisfies a rule set, copying information relating to the packet to be stored into the database; and
  
  circuitry for querying the information communicated by the at least one monitoring circuit to the database to identify an irregularity in the network traffic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1 wherein the database stores the rule set.
  - 3. The system of claim 1 and further comprising a plurality of monitoring circuits coupled to the network:
    - wherein the plurality of monitoring circuits include the at least one monitoring circuit; and
      
      wherein each of the plurality of monitoring circuits comprises a corresponding database.
  - 4. The system of claim 3, wherein each of the plurality of monitoring circuits is programmed to perform the steps of:
    - receiving a packet communicated along the network;
      
      determining whether data in the packet satisfies a rule set; and
      
      responsive to determining that data in the packet satisfies a rule set, copying information relating to the packet to be stored into the corresponding database.
  - 5. The system of claim 4:
    - wherein the packet comprises a header and a payload; and
      
      wherein the step of determining whether data in the packet satisfies a rule set comprises determining whether data in the header satisfies a rule set.
  - 6. The system of claim 5 wherein the step of determining whether data in the header satisfies a rule set comprises determining whether a field in the header satisfies the rule set, wherein the field is selected from a set consisting of source address, destination address, type of service, packet size, and router port number.
  - 7. The system of claim 5 wherein the step of determining whether data in the header satisfies a rule set comprises determining whether the packet comprises an internet control message protocol message.
  - 8. The system of claim 4 wherein the step of determining whether data in the w packet satisfies a rule set comprises determining whether one or more QoS parameters satisfy the rule set.
  - 9. The system of claim 4:
    - wherein the packet comprises a header and a payload; and
      
      wherein the step of determining whether data in the packet satisfies a rule set comprises determining whether data in the payload satisfies the rule set.
  - 10. The system of claim 9 wherein the step of determining whether data in the packet satisfies a rule set comprises determining whether one or more QoS parameters in the payload satisfy the rule set.
  - 11. The system of claim 4 wherein the copying step for each of the plurality of monitoring circuits comprises copying a portion of the packet.
  - 12. The system of claim 4 wherein the copying step for each of the plurality of monitoring circuits comprises copying at least one statistic relating to the packet.
  - 13. The system of claim 4 wherein each corresponding database stores the rule set for a corresponding monitoring circuit.
  - 14. The system of claim 13:
    - and further comprising a recorder layer for communicating between each corresponding database and monitoring circuit;
      
      wherein the recorder layer is operable to communicate the rule set from the corresponding database to the monitoring circuit; and
      
      wherein the recorder layer is operable to communicate the copied information relating to the packet from the monitoring circuit to the corresponding database.
  - 15. The system of claim 4 and further comprising circuitry for electronically providing a corrective action with respect to an identified irregularity in the network traffic.
  - 16. The system of claim 15 wherein the corrective action comprises re-routing network traffic.
  - 17. The system of claim 4 and further comprising circuitry for electronically providing a corrective action with respect to an identified irregularity in the network traffic, wherein the corrective action is accomplished within five minutes of the circuitry for querying detecting the identified irregularity.
  - 18. The system of claim 1 wherein the network comprises an internet protocol network.
  - 19. The system of claim 1 wherein the internet protocol network comprises the global internet.
  - 20. The system of claim 1 wherein the network comprises a network selected from a group consisting of asynchronous transfer mode, token ring, Novell, and Apple Talk.

21. A method of monitoring a network along which network traffic flows in a form of packets, comprising:
- receiving a packet communicated along the network;
  
  determining whether data in the packet satisfies a rule set; and
  
  responsive to determining that data in the packet satisfies a rule set, copying information relating to the packet to be stored into a database;
  
  storing a network flow in the database and corresponding to the information; and
  
  querying the information to identify an irregularity in the network traffic.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 22. The method of claim 21 wherein the database stores the rule set.
  - 23. The method of claim 21 and further comprising repeating each of the receiving, determining, and copying steps at different locations in the network.
  - 24. The method of claim 23:
    - wherein the packet comprises a header and a payload; and
      
      wherein the step of determining whether data in the packet satisfies a rule set comprises determining whether data in the header satisfies a rule set.
  - 25. The method of claim 24 wherein each step of determining whether data in the header satisfies a rule set comprises determining whether a field in the header satisfies the rule set, wherein the field is selected from a set consisting of source address, destination address, type of service, packet size, and router port number.
  - 26. The method of claim 24 wherein each step of determining whether data in the header satisfies a rule set comprises determining whether the packet comprises an internet control message protocol message.
  - 27. The method of claim 24 wherein each step of determining whether data in the packet satisfies a rule set comprises determining whether one or more QoS parameters satisfy the rule set.
  - 28. The method of claim 24:
    - wherein the packet comprises a header and a payload; and
      
      wherein each step of determining whether data in the packet satisfies a rule set comprises determining whether data in the payload satisfies the rule set.
  - 29. The method of claim 28 wherein each step of determining whether data in the packet satisfies a rule set comprises determining whether one or more QoS parameters in the payload satisfy the rule set.
  - 30. The method of claim 24 wherein at least some of the copying steps comprise copying a portion of the packet.
  - 31. The method of claim 24 wherein at least some of the copying steps comprise copying at least one statistic relating to the packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
WSOU Investments, LLC (WSOU Holdings, LLC)
Original Assignee
Alcatel-Lucent SA (Nokia Corporation)
Inventors
Kan, Chao, Guingo, Pierrick

Granted Patent

US 7,483,379 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/252
CPC Class Codes

H04L 43/08   Monitoring or testing based...

H04L 43/0829   Packet loss

H04L 43/16   Threshold monitoring

Passive network monitoring system

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

186 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Passive network monitoring system

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

186 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links